Organizations

Roles

The Roles page allows organization owners to create custom permission sets that can be applied to users across different projects. This enables fine-grained access control and security management tailored to your organization's specific needs.

Accessing Roles Management

Navigation Path:

User Menu → My Organizations → [Select Organization] → Settings → Roles

Only users with Organization Owner role can access and create custom roles.

Roles Interface Overview

RolesCreate or edit new roles to apply custom permissions for your members in each projectNew role (+)AdminCan access project settings but cannot delete or transfer projectSystem Default RoleUseAllow to use and edit project contentSystem Default RoleViewOnly can view project content, but cannot create connections or run jobsSystem Default RoleData AnalystAccess datasets and run analytics jobsCustom Role[Custom][Edit]Security AuditorRead-only access to all project data for compliance reviewsCustom Role[Custom][Edit]

System Default Roles

Built-in Permission Sets

The system provides three essential roles that cannot be modified:

Admin Role

PermissionsDescription
Project Settings AccessCan modify project configuration, databases, and settings
User ManagementCan manage project members and roles
Job ExecutionCan create, modify, and run jobs
Dataset ManagementCan create, edit, and delete datasets
Rule ConfigurationCan create and edit transformation rules
LimitationsCannot delete or transfer project ownership

Use Cases:

  • Project administrators
  • Technical team leads
  • IT operations staff

Use Role

PermissionsDescription
Project Content ManagementCan edit and modify project content
Database ConnectionsCan create and manage database connections
Data OperationsCan mask databases and run transformation jobs
DeploymentsCan execute deployments and manage data pipelines
Dataset OperationsCan work with datasets within the project
LimitationsCannot change project-level settings or manage users

Use Cases:

  • Regular team members
  • Data engineers
  • ETL developers

View Role

PermissionsDescription
Read AccessCan view project content and configurations
Database AccessCan connect to databases for read-only operations
Execution AccessCan view and monitor running jobs
LimitationsCannot create connections, run jobs, or modify any data

Use Cases:

  • Business stakeholders
  • External auditors
  • Read-only analytics users
  • Compliance reviewers

Custom Roles

Creating Custom Roles

Organization owners can create specialized permission sets tailored to specific job functions and compliance requirements.

Role Creation Interface

Create/Edit RoleRole Name:[________________]*Role name is requiredRole Description:This role provides access to analytics featureswhile restricting production data access.PermissionsProject ManagementCreate projectsDelete projectsEdit project settingsTransfer project ownershipManage project membersProject billingData OperationsCreate datasetsDelete datasetsEdit datasetsExport datasetsRun jobsDelete jobsSchedule jobsCancel jobsDatabase ConnectionsCreate connectionsDelete connectionsTest connectionsModify connection securityAccess production dataAccess sensitive dataContent ManagementView project contentEdit project contentCreate rulesDelete rulesUpload filesDelete filesAnalytics and ReportingRun analyticsView sensitive analyticsExport reportsModify report templatesView audit logsClear audit logsCancelSave

Permission Categories

Project Management

PermissionDescriptionSecurity Impact
Create projectsAbility to create new projects in the organizationMedium - Can increase resource usage
Delete projectsAbility to permanently remove projectsHigh - Data loss risk
Edit project settingsModify project configuration and parametersMedium - Can affect data operations
Transfer project ownershipChange project ownership to another userHigh - Control transfer risk
Manage project membersAdd/remove users from projects, assign rolesMedium - Access control risk
Project billingAccess and modify billing-related settingsHigh - Financial risk

Data Operations

PermissionDescriptionSecurity Impact
Create datasetsAbility to create new dataset entriesLow - Content creation
Delete datasetsRemove datasets permanentlyMedium - Data loss risk
Edit datasetsModify existing dataset propertiesLow - Content modification
Export datasetsDownload datasets to local systemsHigh - Data exfiltration risk
Run jobsExecute data processing and transformation jobsMedium - Resource consumption
Delete jobsRemove job records and historyLow - Cleanup operation
Schedule jobsSet up automated job executionMedium - Resource scheduling
Cancel jobsStop running or scheduled jobsLow - Operation control

Database Connections

PermissionDescriptionSecurity Impact
Create connectionsAdd new database connections to projectsMedium - Increases attack surface
Delete connectionsRemove database connectionsLow - Reduces attack surface
Test connectionsVerify database connectivityLow - Testing capability
Modify connection securityChange authentication and encryption settingsHigh - Security configuration
Access production dataConnect to production databasesHigh - Production data risk
Access sensitive dataWork with highly sensitive or restricted dataCritical - Sensitive data exposure

Content Management

PermissionDescriptionSecurity Impact
View project contentRead access to project files and dataLow - Information disclosure
Edit project contentModify files, configurations, and dataMedium - Data integrity risk
Create rulesAdd new transformation and masking rulesMedium - Data processing control
Delete rulesRemove transformation rulesMedium - Processing impact
Upload filesAdd files to project workspaceLow - File management
Delete filesRemove files from project workspaceLow - File management

Analytics and Reporting

PermissionDescriptionSecurity Impact
Run analyticsExecute analytics queries and reportsMedium - Data processing
View sensitive analyticsAccess analytics on restricted dataHigh - Sensitive information access
Export reportsDownload analytics and reportsHigh - Data exfiltration
Modify report templatesChange report formats and contentLow - Presentation customization
View audit logsAccess system and project audit trailsMedium - Visibility of user activities
Clear audit logsRemove entries from audit historyHigh - Evidence destruction risk

Common Custom Role Examples

Data Analyst Role

Purpose: Analytics and reporting without production data access

Recommended Permissions:

  • ✅ Create datasets, Edit datasets, Export datasets
  • ✅ Run jobs, View project content
  • ✅ Run analytics, Export reports, View audit logs
  • ❌ Access production data, Access sensitive data
  • ❌ Create/delete connections, Edit project settings

Security Auditor Role

Purpose: Compliance and auditing with full read access

Recommended Permissions:

  • ✅ View project content, View audit logs
  • ✅ Run analytics, Export reports
  • ✅ Access sensitive analytics (for compliance review)
  • ❌ Create/delete/modify anything
  • ❌ Access production data (unless required for audit)

Database Administrator Role

Purpose: Database management without data processing

Recommended Permissions:

  • ✅ Create/delete connections, Test connections
  • ✅ Modify connection security, Access production data
  • ❌ Run jobs, Create/delete datasets, Edit project content
  • ❌ Manage project members, Transfer ownership

Project Lead Role

Purpose: Day-to-day project management without ownership changes

Recommended Permissions:

  • ✅ Edit project settings, Manage project members
  • ✅ Create/delete datasets, Run/Cancel jobs
  • ✅ Create/delete rules, Upload/delete files
  • ❌ Delete projects, Transfer ownership, Project billing

Role Management Features

Role Identification

Visual Indicators:

  • Default Roles: No special indicator (system built-in)
  • Custom Roles: [Custom] tag displayed next to role name
  • Edit Access: [Edit] button appears for custom roles only

Role Modifications

Editing Custom Roles

  • Only organization owners can edit custom roles
  • All existing users with the role will receive updated permissions
  • Changes are logged in audit trail with timestamp and editor
  • Cannot edit built-in system roles

Deleting Custom Roles

  • Confirmation dialog with impact assessment
  • Users assigned to deleted role automatically get View permissions
  • Cannot delete roles that are in use by project owners
  • Requires organization owner confirmation

Role Assignment

Project-Level Application

  • Custom roles can only be assigned at the project level
  • Same user can have different roles in different projects
  • Role changes apply immediately to user sessions
  • Bulk user assignment supported through member management

Role Inheritance

  • Organization roles provide default project access
  • Project-specific roles override organization defaults
  • Minimum permission principle applies when conflicts occur

Security Best Practices

Role Design Principles

  1. Principle of Least Privilege

    • Only grant permissions absolutely necessary for the job function
    • Start with minimal permissions and add only when justified
    • Regular review of role assignments and necessity

  2. Separation of Duties

    • Divide critical functions across multiple users
    • Prevent single-user control over entire data lifecycle
    • Implement approval workflows for high-risk operations

  3. Regular Auditing

    • Monitor role usage and access patterns
    • Review custom role effectiveness quarterly
    • Audit role assignments for appropriate user access

Compliance Considerations

GDPR / Data Protection

  • Limit access to personal data based on role necessity
  • Document justification for data access permissions
  • Implement audit logs for all data access through roles

SOX / Financial Controls

  • Segregate duties between data creation and approval
  • Maintain audit trails for all financial data access
  • Regular review of financial data role assignments

HIPAA / Healthcare

  • Restrict PHI access to specifically trained personnel
  • Implement role-based audit trails for healthcare data
  • Regular risk assessments of role-based access controls

Troubleshooting

Common Role Issues

Problem: User cannot perform expected actions after role assignment Solutions:

  1. Verify the role includes the specific permission needed
  2. Check if user has project-level role assignment
  3. Confirm user has accepted organization invitation
  4. Refresh user session or logout/login

Problem: Cannot delete custom role Solutions:

  1. Ensure no users are assigned to the role
  2. Check if role is assigned to any project owners
  3. Verify you have organization owner permissions
  4. Transfer role assignments to alternative roles first

Problem: Role changes not taking effect Solutions:

  1. Check if user needs to log out and log back in
  2. Verify the role was saved successfully
  3. Confirm project-specific role assignments aren't overriding organization role
  4. Check browser cache or use incognito mode

Permission Conflicts

Problem: User has conflicting permissions Resolution: The system uses most restrictive approach:

  • Organization role provides baseline access
  • Project role refines and can restrict access
  • If explicit project role exists, it takes precedence
  • Minimum permission principle applies to all conflicts

API and Integration

Role Management Endpoints

  • Create, read, update, delete custom roles
  • Bulk assignment of roles to users across projects
  • Export role configurations for backup/restore
  • Role usage analytics and reporting

Integration Points

  • Connect with external directory services for role mapping
  • Implement role-based APIs for automated workflows
  • Export role definitions for compliance reporting
  • Integrate with HR systems for automated role lifecycle management

Members Management

Previous Page

Overview

Next Page

On this page

RolesAccessing Roles ManagementRoles Interface OverviewSystem Default RolesBuilt-in Permission SetsAdmin RoleUse RoleView RoleCustom RolesCreating Custom RolesRole Creation InterfacePermission CategoriesProject ManagementData OperationsDatabase ConnectionsContent ManagementAnalytics and ReportingCommon Custom Role ExamplesData Analyst RoleSecurity Auditor RoleDatabase Administrator RoleProject Lead RoleRole Management FeaturesRole IdentificationRole ModificationsEditing Custom RolesDeleting Custom RolesRole AssignmentProject-Level ApplicationRole InheritanceSecurity Best PracticesRole Design PrinciplesCompliance ConsiderationsGDPR / Data ProtectionSOX / Financial ControlsHIPAA / HealthcareTroubleshootingCommon Role IssuesPermission ConflictsAPI and IntegrationRole Management EndpointsIntegration PointsRelated Documentation